package org.spongycastle.tls.crypto.impl.jcajce;

import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.DigestInfo;
import org.spongycastle.jcajce.util.JcaJceHelper;
import org.spongycastle.tls.DigitallySigned;
import org.spongycastle.tls.SignatureAndHashAlgorithm;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.TlsStreamVerifier;
import org.spongycastle.tls.crypto.TlsVerifier;

/* loaded from: classes2.dex */
public class JcaTlsRSAVerifier implements TlsVerifier {
    public final JcaJceHelper a;
    public RSAPublicKey b;
    public Signature c = null;

    public JcaTlsRSAVerifier(RSAPublicKey rSAPublicKey, JcaJceHelper jcaJceHelper) {
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("'pubKeyRSA' cannot be null");
        }
        this.b = rSAPublicKey;
        this.a = jcaJceHelper;
    }

    @Override // org.spongycastle.tls.crypto.TlsVerifier
    public boolean a(DigitallySigned digitallySigned, byte[] bArr) {
        SignatureAndHashAlgorithm b = digitallySigned.b();
        try {
            Signature c = c();
            if (b == null) {
                c.update(bArr, 0, bArr.length);
            } else {
                if (b.c() != 1) {
                    throw new IllegalStateException();
                }
                byte[] o = new DigestInfo(new AlgorithmIdentifier(TlsUtils.M(b.b()), DERNull.b), bArr).o();
                c.update(o, 0, o.length);
            }
            return c.verify(digitallySigned.c());
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("unable to process signature: " + e.getMessage(), e);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsVerifier
    public TlsStreamVerifier b(final DigitallySigned digitallySigned) {
        SignatureAndHashAlgorithm b = digitallySigned.b();
        if (b == null || b.c() != 1 || !JcaUtils.c()) {
            return null;
        }
        try {
            if (!JcaUtils.b(c().getProvider())) {
                return null;
            }
            final Signature i = this.a.i(JcaUtils.a(b));
            i.initVerify(this.b);
            return new TlsStreamVerifier() { // from class: org.spongycastle.tls.crypto.impl.jcajce.JcaTlsRSAVerifier.1
                @Override // org.spongycastle.tls.crypto.TlsStreamVerifier
                public OutputStream a() {
                    return new SignatureOutputStream(i);
                }

                @Override // org.spongycastle.tls.crypto.TlsStreamVerifier
                public boolean b() {
                    try {
                        return i.verify(digitallySigned.c());
                    } catch (SignatureException e) {
                        throw new TlsFatalAlert((short) 80, e);
                    }
                }
            };
        } catch (GeneralSecurityException e) {
            throw new TlsFatalAlert((short) 80, e);
        }
    }

    public Signature c() {
        if (this.c == null) {
            Signature i = this.a.i("NoneWithRSA");
            this.c = i;
            i.initVerify(this.b);
        }
        return this.c;
    }
}
